We use cookies. You have options. Cookies help us keep the site running smoothly and inform some of our advertising, but if you’d like to make adjustments, you can visit our Cookie Notice page for more information.
We’d like to use cookies on your device. Cookies help us keep the site running smoothly and inform some of our advertising, but how we use them is entirely up to you. Accept our recommended settings or customise them to your wishes.
×

Protect Private Data With A Privacy Wall

The smart folks over at Wesabe describe a neat idea for protecting private data in a database. They call it the "privacy wall". In a nutshell: don't keep private data (credit cards, SSNs, medical records, etc) keyed to users; rather, key these data from a hash of the username and password. This means one needs a username/password to match any secret data back to any individual. If hackers managed to compromise such a database, they'd end up with gigabytes of disconnected facts, making identify theft much more difficult. Most online retailers have poor security practices (for example, experts advise never storing credit card numbers; most online retailers do). Barney Frank, Chairman of the House Financial Services Committee, is proposing legislation to hold retailers more accountable for data breaches. Tightening up your data security procedures makes good business sense, even if not yet required by law. The privacy wall concept is worth considering.

Join the Discussion